Web Wiz - Green Windows Web Hosting
Web Wiz Homepage Search Web Wiz

  New Posts New Posts RSS Feed - how to use SSL ??
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

how to use SSL ??
 Post Reply Post Reply Page  <1234>
Author
  Topic Search Topic Search  Topic Options Topic Options
KCWebMonkey View Drop Down
Senior Member
Senior Member
Avatar
Go Chiefs!

Joined: 21 June 2002
Status: Offline
Points: 1319 		Post Options Post Options   Thanks (0) Thanks(0)   Quote KCWebMonkey Quote  Post ReplyReply Direct Link To This Post Posted: 10 December 2003 at 6:56am
the database just needs to have a good password, and be out of the www root on your server.
Back to Top
the boss View Drop Down
Senior Member
Senior Member
Avatar

Joined: 19 January 2003
Location: Saudi Arabia
Status: Offline
Points: 1727 		Post Options Post Options   Thanks (0) Thanks(0)   Quote the boss Quote  Post ReplyReply Direct Link To This Post Posted: 10 December 2003 at 1:24pm

the best way to structure shopping cart with SSL facility is...to store all the items in a cart in a database temporary and not in session cookies or something.. this way u will not lose any thing when the browser switches from http to https

secondly have a completely seprate page for CC info... use ssl on for that page only..

u may also want all shoppers to register first if u r storing the cart items in a database and not in session cookie or cookies

Back to Top
Gullanian View Drop Down
Senior Member
Senior Member
Avatar

Joined: 04 January 2002
Location: England
Status: Offline
Points: 4373 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Gullanian Quote  Post ReplyReply Direct Link To This Post Posted: 10 December 2003 at 1:27pm

You need to check that your by law allowed to store credit cards on a database.  There are certain terms and conditions you need to abide by before you can do something like that
Back to Top
ljamal View Drop Down
Mod Builder Group
Mod Builder Group


Joined: 16 April 2003
Status: Offline
Points: 888 		Post Options Post Options   Thanks (0) Thanks(0)   Quote ljamal Quote  Post ReplyReply Direct Link To This Post Posted: 10 December 2003 at 1:33pm
Visa has the strictest rules regarding the storage of credit card. I'd suggest any one working with e-commerce read and comply with those rules. There are some pretty stiff penalties for the failure to comply.
L. Jamal Walton

L. Jamal Inc : Web/ Print Design and ASP Programming
Back to Top
michael View Drop Down
Senior Member
Senior Member
Avatar

Joined: 08 April 2002
Location: United States
Status: Offline
Points: 4670 		Post Options Post Options   Thanks (0) Thanks(0)   Quote michael Quote  Post ReplyReply Direct Link To This Post Posted: 10 December 2003 at 3:01pm
That's right, for example is it forbidden to store CC's on a server that is shared with other companies. Even though it may be convenient for the buyer, but I would not even store CC#'s have them enter them, process and forget it. Whoever does the processing, depending on the card does not even need the number but the Authorization Code.
Blog | MPG Tracker
Back to Top
Gullanian View Drop Down
Senior Member
Senior Member
Avatar

Joined: 04 January 2002
Location: England
Status: Offline
Points: 4373 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Gullanian Quote  Post ReplyReply Direct Link To This Post Posted: 10 December 2003 at 3:38pm

The easiest way is to hire a third party, then all the responsibility is placed upon them.
Back to Top
dpyers View Drop Down
Senior Member
Senior Member


Joined: 12 May 2003
Status: Offline
Points: 3937 		Post Options Post Options   Thanks (0) Thanks(0)   Quote dpyers Quote  Post ReplyReply Direct Link To This Post Posted: 10 December 2003 at 8:31pm

As someone who had his credit card lifted off of the server of a site selling CD's, I'm a big advocate of not keeping cc info at all.

I don't believe there's ever been an instance of someone lifting credit card info while it was in transit over an ssl/vpn connection. But there's beed a lot of instances where someone lifted a few thousand from a db.

FWIW, most of the larger outfits run their DB's behind a DMZ. An exposed web server passes a request along a specific port to an app server bedind a dmz. The app server passes it along to a db server within the dmz. If confidential personal info is involved - e.g. medical, ssn, or cc info, there's usually another dmz that has yet another db server behind it for that info. The two db servers talk to each other over non-standard ports, often using specific process id's that are set at boot time.

Lead me not into temptation... I know the short cut, follow me.
Back to Top
dizzyfunk View Drop Down
Newbie
Newbie


Joined: 12 September 2003
Location: United Kingdom
Status: Offline
Points: 17 		Post Options Post Options   Thanks (0) Thanks(0)   Quote dizzyfunk Quote  Post ReplyReply Direct Link To This Post Posted: 11 December 2003 at 2:08am

ok then... all this is understandable.. but please.. i'm new to all this so need to know what to do....!

if i have a page in the ssl that takes the users credit card and emails it to the company processing the order, using cdonts will that work and will it be secure??

 
Back to Top
 Post Reply Post Reply Page  <1234>

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 12.08
Copyright ©2001-2026 Web Wiz Ltd.

Become a Fan on Facebook Follow us on X Connect with us on LinkedIn Web Wiz Blogs
About Web Wiz | Contact Web Wiz | Terms & Conditions | Cookies | Privacy Notice

Web Wiz is the trading name of Web Wiz Ltd. Company registration No. 05977755. Registered in England and Wales.
Registered office: Web Wiz Ltd, Unit 18, The Glenmore Centre, Fancy Road, Poole, Dorset, BH12 4FB, UK.

Prices exclude VAT at 20% unless otherwise stated. VAT No. GB988999105 - $, € prices shown as a guideline only.

Copyright ©2001-2026 Web Wiz Ltd. All rights reserved.